Secure site seals may be misleading: Netcraft

July 29 2002

Secure site seals handed out to sites by certificate authorities and lock icons shown by browsers can often mislead consumers into believing that a site is more secure than it actually is, according to the latest Netcraft Web Server Survey.

The survey said a recent dialogue between the two leading certificate authorities - Verisign and Geotrust has highlighted the fact that though the site seal and browser lock may look reassuring, there was no assurance at all that the site is not vulnerable to some well known exploit, and typically many are.

It said the discovery of remote vulnerabilities in Microsoft Commerce Server and Microsoft-IIS published last month, had left many commerce and financial sites open to attack, and there was often no clear cut way in which a site's prospective customers can legally determine whether their transactions and data were likely to be safe or not.

Due to these factors, Netcraft said it was likely that payment mechanisms on the Internet would increasingly become centralised.

The survey also showed that IIS has made a gain of three percent in number of sites hosted on the Net due to the fact that register.com putting a Windows-based front end back in place on their domain parking system. It said register.com had alternated recently between a Windows and Linux front end, and this caused a fluctuation when it changed.
");document.write("